cacti -- SQL injection and command execution vulnerabilities

Details

VuXML ID

5198ef84-4fdc-11df-83fb-0015587e2cc1

Discovery

2010-04-21

Entry

2010-04-24

Modified

2013-06-16

Bonsai information security reports:

A Vulnerability has been discovered in Cacti, which
can be exploited by any user to conduct SQL Injection
attacks. Input passed via the "export_item_id" parameter
to "templates_export.php" script is not properly sanitized
before being used in a SQL query.